Re: iptables ROUTE

Re: iptables ROUTE

[Cedric de Launois]

Le vendredi 07 janvier 2005 à 05:01 +0200, Tadas a écrit :
> Hi,

Hi, comments below...

> I am using your iptables ROUTE module quite much, it is very usefull thing
> which alows to do what most of people cant even imagine.
> i prefer to use iptables route instead of linux native routing, because it
> is more flexibe. --tee option should allow to fix multicast routing problem
> now there is no way to route such traffic on linux

You should also direct your mail to Patrick Schaaf, who coded the --tee
option.

> But something is wrong with --tee option, as I aunderstand it should not
> affect anything, but packet disapears instead, and goes nowhere.
> everything elese is working. I am using little old kernel 2.4.22 but that
> should not be problem.
>  I used latest source code from CVS
> 
> also seems this module somehow incorrectly handle multicat traffic,  even
> without tee option it should be able to forward it ,
> but I dont see anything on other side.
> I am not sure is there are no other problems, why this dont work. So I will
> check everything again, but seems there is some problems wih ROUTE module

This option wasn't intented to solve multicast routing issues,
so I'm not surprised of your problems. 

> Now I did not have time to fix these problems myself, you probably can do
> that much easer, because you know better your own code.
> also I think one more option is needed: now tee can only copy and send
> immediately, what is not enough, because it may be nesecary to mangle packet
> before sending.
> the most easy way is to send copied packet to some iptables chain instead of
> sending to interface. probably this is even more easy to implement. and much
> more flexible.
> because we can mark and  route that copy anytime then.

My feeling is also that we need something more flexible, like a target that
duplicates a packet and sets a mark to it, so that further rules can be applied.
Patrick : would this king of target fill your needs ?

> I am going to write some iptables extensions too, but little later.

What about a 'DUP' target ?

Cedric

iptables + ROUTE

[Mato Vidovic]

Hi, 

I am new in iptables world - and after reading many discussions and studying iptables manpages etc. I am 
still missing a piece of puzzle to solve the following problem. 
I have a need to perform TOS based traffic routing. 
That means I have two interfaces (say eth0 and eth1) to backbone and I need to route the real-time critical 
IP traffic over eth1 and the remaining IP traffic over eth0. 
After a lot of experimenting I came to the conclusion that something like the following would do: 

# iptables -t mangle -A POSTROUTING -m tos --tos  16 -j ROUTE --oif eth1 
# iptables -t mangle -A POSTROUTING -m tos --tos !16 -j ROUTE --oif eth0 

Unfortunately the Linux box says: 
"No chain/target/match by that name" 

The kernel I use is 2.6.18, iptables version is the last debian stable version 1.2.11. 

Any idea what is wrong here (am I missing something in the configuration, or a library, or am I completely wrong maybe…)?

Thanks for any help. 

Br. 
Mato 

-- 
Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! 
Ideal für Modem und ISDN: http://www.gmx.net/de/go/smartsurfer

RE: iptables + ROUTE

[Seferovic Edvin]

Hi,

I am not sure, but you are probably missing the extra module from
patch-o-matic-ng...

http://www.netfilter.org/projects/patch-o-matic/pom-extra.html#pom-extra-ROU
TE

E:S

-----Original Message-----
From: netfilter-bounces@lists.netfilter.org
[mailto:netfilter-bounces@lists.netfilter.org] On Behalf Of Mato Vidovic
Sent: Donnerstag, 09. November 2006 06:41
To: netfilter@lists.netfilter.org
Subject: iptables + ROUTE 

Hi, 

I am new in iptables world - and after reading many discussions and studying
iptables manpages etc. I am 
still missing a piece of puzzle to solve the following problem. 
I have a need to perform TOS based traffic routing. 
That means I have two interfaces (say eth0 and eth1) to backbone and I need
to route the real-time critical 
IP traffic over eth1 and the remaining IP traffic over eth0. 
After a lot of experimenting I came to the conclusion that something like
the following would do: 

# iptables -t mangle -A POSTROUTING -m tos --tos  16 -j ROUTE --oif eth1 
# iptables -t mangle -A POSTROUTING -m tos --tos !16 -j ROUTE --oif eth0 

Unfortunately the Linux box says: 
"No chain/target/match by that name" 

The kernel I use is 2.6.18, iptables version is the last debian stable
version 1.2.11. 

Any idea what is wrong here (am I missing something in the configuration, or
a library, or am I completely wrong maybe.)?

Thanks for any help. 

Br. 
Mato 

-- 
Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! 
Ideal für Modem und ISDN: http://www.gmx.net/de/go/smartsurfer

Re: iptables + ROUTE

[Pascal Hambourg]

Hello,

Mato Vidovic a écrit :
> 
> I have a need to perform TOS based traffic routing. 
> That means I have two interfaces (say eth0 and eth1) to backbone
> and I need to route the real-time critical 
> IP traffic over eth1 and the remaining IP traffic over eth0. 
> After a lot of experimenting I came to the conclusion that something
> like the following would do: 
> 
> # iptables -t mangle -A POSTROUTING -m tos --tos  16 -j ROUTE --oif eth1 
> # iptables -t mangle -A POSTROUTING -m tos --tos !16 -j ROUTE --oif eth0 

Why not just use the TOS selection feature in advanced routing 
(involving routing rules and alternate routing tables) ?
Something like :

ip rule add tos 16 lookup tos16 priority 100
ip route add default dev eth1 table tos16

> Unfortunately the Linux box says: 
> "No chain/target/match by that name" 
>
> The kernel I use is 2.6.18, iptables version is the last debian
> stable version 1.2.11. 
> 
> Any idea what is wrong here (am I missing something in the
> configuration, or a library, or am I completely wrong maybe...)?

As Edvin Seferovic wrote, the kernel part of the ROUTE target is not 
included in the mainstream kernel yet. You can add it to your kernel 
source tree with the patch-o-matic-ng a build a ROUTE-capable kernel.